Описание
ELSA-2022-0892: libarchive security update (MODERATE)
[3.3.3-3]
- Do not follow symlinks when processing the fixup list (CVE-2021-31566)
[3.3.3-2]
- Fix handling of symbolic link ACLs (CVE-2021-23177)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
bsdtar
3.3.3-3.el8_5
libarchive
3.3.3-3.el8_5
libarchive-devel
3.3.3-3.el8_5
Oracle Linux x86_64
bsdtar
3.3.3-3.el8_5
libarchive
3.3.3-3.el8_5
libarchive-devel
3.3.3-3.el8_5
Связанные CVE
Связанные уязвимости
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
An improper link resolution flaw can occur while extracting an archive ...